Troubleshoot Feature Key Synchronization

With Feature Key Synchronization, your Firebox can automatically download the latest feature key from the WatchGuard website when a feature is expired or about to expire.

Check the Firebox Configuration

To make sure that your Firebox can automatically download the latest feature key, check these items in the configuration:

  • Feature Key Synchronization must be enabled. For configuration instructions, go to Enable Feature Key Synchronization and Alarm Notification.
  • The Firebox must be configured to use a DNS server that can resolve the domain services.watchguard.com. For instructions to configure a network (global) DNS server on the Firebox, go to Configure Network DNS and WINS Servers.
  • The Firebox must be able to connect outbound over HTTPS to the WatchGuard website. If the Firebox has an external Internet gateway that filters Internet access, the gateway must allow HTTPS connections from the Firebox to services.watchguard.com.

Test Manual Synchronization

If you have enabled Feature Key Synchronization, your Firebox tries to download a new feature key if any licensed feature is expired, or will expire within seven days. If Feature Key Synchronization does not happen automatically, or if you need to synchronize your feature key immediately, you can manually synchronize or install a new feature key. For more information, go to Get a Firebox Feature Key.

If manual synchronization fails, use the troubleshooting steps below to identify and resolve the reason for the failure.

Test DNS Resolution

To download a feature key, your Firebox must be able to resolve the DNS name services.watchguard.com.

To test DNS host name resolution from the Firebox, in Fireware Web UI:

You can use the DNS Lookup diagnostic task to test DNS name resolution from the Firebox.

  1. Select System Status > Diagnostics.
    The Diagnostics page appears with the Diagnostics File tab selected.
  2. Select the Network tab.
    The Network page appears.
  3. From the Task drop-down list, select DNS Lookup.
    The Address text box appears.
  4. In the Address text box, type the host name services.watchguard.com.
  5. Click Run Task.
    The output of the command appears in the Results pane.
  6. To stop the DNS Lookup command, click Stop Task.
  1. Select Tools > Diagnostic Tasks.
  2. From the Task drop-down list, select DNS Lookup.
  3. In the Address text box, type the host name services.watchguard.com.
  4. Click Run Task.
    The output of the command appears in the Results pane.

Collect Diagnostic Log Data for Support

If you cannot resolve the feature key synchronization yourself, you can contact WatchGuard Technical Support for assistance. When you contact support, your technician may ask you to retrieve a support.tgz file from your Firebox.. For best results, retrieve a support.tgz file from the Firebox immediately after you attempt a manual feature key synchronization.

  1. Select System Status > Diagnostics.
  2. Click Download a Support Log File.
    The browser downloads the file.
  1. Start Firebox System Manager for the Firebox.
  2. Select the Status Report tab.
  3. Click Support.
  4. Select the location to save the diagnostics file.

Attach the support.tgz file to your support case.

Related Topics

About Feature Keys

About Feature Keys and FireCluster